- ~ posted 01 October 2015 at 03:25
If you're like me, you're probably a fair bit angry and disappointed that broad government surveillance of the Internet is now completely expected and is essentially our new baseline. What we can reasonably expect to be private has diminished to the point that apologists resort to arguments including phrases like "I've got nothing to hide" and "I am not doing anything wrong." To make matters worse, mass surveillance of the Internet isn't limited to the United States or even the so-called Five Eyes countries. These technologies and techniques are available to any country and many countries are well down the path of further deploying broad surveillance capabilities, to say nothing of "corporate surveillance" like Internet ad companies. You, like me, may have gone far enough to install apps like TextSecure, Red Phone or Signal and you might think it is rad that WhatsApp is deploying end-to-end encryption for hundreds of millions of people.
But this post isn't for you and me.
This post is ultimately for the privacy-appreciating people around us that may not know that there are a few simple steps they can take to push-back against government surveillance on our Internet.
Here are my thoughts on the first three steps folks can take—with our help—to ever-so-slightly cloud the powerful all-seeing eye of Internet surveillance.
Keep browsers and operating systems up-to-date. From a security perspective, using up-to-date browsers and operating systems provides by far the best protection against vulnerabilities. But at the same time, modern browsers and operating systems also have a huge influence over the privacy of our online communications. For example, browsers are constantly revising which encryption and hash algorithms are supported, which provide warnings, and which are blocked as well as the way in which content can be retrieved from sites over a combination of HTTP and HTTPS connections. Staying up-to-date means we can take advantage of the current best approaches to maintaining confidentiality over the Internet.
Move to TextSecure or Signal for mobile messaging. Encrypted (and actually secure) mobile messaging isn't an easy problem at all. Luckily for us, TextSecure for Android and compatible Signal for iOS do a tremendous job providing secure and, by extension, private communications—as verified using the secure messaging scorecard from the EFF—while being entirely usable replacements for the default messaging applications on these platforms.
Install HTTPS Everywhere. HTTPS Everywhere is a browser extension for Chrome, Firefox and Opera that increases the confidentiality of web browsing by using encrypted HTTPS connections to many more popular websites instead of the default and easily read HTTP connections.
To be honest though, I care more that you take three surveillance-countering things—almost any three things—to the people around you more than I care that you use the three things above. So if you like these, great, and what are steps four, five and six? Or, if you think my three are the wrong three, what are you going to share with your friends and family? Let me know!